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WE CLAIM: 

1. A computer program product for controlling a computer to detect malware, 
said computer program product comprising: 

5 detecting logic operable to detect a file access request to a computer file by a 

requesting computer; 

file access clearance request generating logic operable to generate a file access 
clearance request including data identifying said computer file; 

file access clearance request transmitting logic operable to transmit said file 
10 access clearance request from said requesting computer to an assessment computer 
responsible for assessment of whether said computer file contains malware; 

file access clearance response receiving logic operable to receive at said 
requesting computer a file access clearance response from said assessment computer; 
and 

15 file access permitting logic operable if said file access clearance response 

indicates said computer file does not contain malware, to permit said file access 
request by said requesting computer. 

2. A computer program product as claimed in claim 1, wherein said data 
20 identifying said computer file includes a checksum value calculated from said 

computer file. 

3. A computer program product as claimed in claim 1, wherein said data 
identifying said computer file includes one or more of a filename of said computer file, 

25 data identifying said requesting computer and a storage location of said computer file. 

4. A computer program product as claimed in claim 1, wherein if said file access 
clearance response indicates a scan of said computer file is required by said assessment 
computer, then computer file transmitting logic is operable to transmit said computer 

30 file from said requesting computer to said assessment computer. 
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5. A computer program product as claimed in claim 1, wherein if said file access 
clearance response indicates access to said computer file is denied, then triggering a 
denied access response in said requesting computer. 

5 6. A computer program product as claimed in claim 1, wherein a plurality of 
requesting computers share access to an assessment computer for determining whether 
file access requests by those requesting computers should be denied. 

7. A computer program product for controlling a computer to detect malware, 
10 said computer program product comprising: 

file access request receiving logic operable to receive at an assessment 
computer a file access clearance request from a requesting computer, said file access 
clearance request including data identifying a computer file to be accessed by said 
requesting computer; 

15 file access clearance response generating logic operable in dependence upon 

said data identifying said computer file to determine if said computer file has 
previously been assessed as not containing malware and to generate a file access 
clearance response; and 

file access clearance response transmitting logic operable to transmit said file 

20 access clearance response to said requesting computer. 

8. A computer program product as claimed in claim 7, wherein said data 
identifying said computer file includes a checksum value calculated from said 
computer file. 

25 

9. A computer program product as claimed in claim 7, wherein said data 
identifying said computer file includes one or more of a filename of said computer file, 
data identifying said requesting computer and a storage location of said computer file. 

30 10. A computer program product as claimed in claim 7, wherein if said file access 
clearance response indicates a scan of said computer file is required by said assessment 
computer, then computer file receiving logic is operable to receive at said assessment 
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computer said computer file from said requesting computer and performing a malware 
scan of said computer file. 

11. A computer program product as claimed in claim 7, wherein if said file access 
clearance response indicates access to said computer file is denied, then triggering a 
denied access response in said assessment computer. 

12. A computer program product as claimed in claim 7, wherein said assessment 
computer stores a database of computer files previously assessed as to whether they 
contain malware. 

13. A computer program product as claimed in claim 12, wherein said database 
includes for each computer file fields specifying one or more of a filename of said 
computer file, data identifying said requesting computer and a storage location of said 
computer file, a checksum value calculated from said computer file, an access flag 
indicating whether access to said computer file is denied and a persistence flag 
indicating whether entries relating to said computer file should be purged from said 
database during purge operations. 

14. A computer program product as claimed in claim 1, wherein said assessment 
computer is operable in at least a higher level security mode and a lower level security 
mode, said assessment computer serving to deny access to greater range of computer 
files when operating in said higher level security mode compared with said lower level 
security mode. 

15. A computer program product as claimed in claim 14, wherein said assessment 
computer is triggered to change from said lower level security mode to said higher 
level security mode by a lock down trigger message received at said assessment 
computer from a remote computer. 
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16. A computer program product as claimed in claim 7, wherein a plurality of 
requesting computers share access to an assessment computer for determining whether 
file access requests by those requesting computers should be denied. 

5 17. A computer program product for controlling a computer to detect malware, 
said computer program product comprising: 

file access request detecting logic operable to detect a file access request to a 
computer file by a requesting computer; 

file access clearance request generating logic operable to generate a file access 
10 clearance request including data identifying said computer file; 

file access clearance request transmitting logic operable to transmit said file 
access clearance request from said requesting computer to an assessment computer 
responsible for assessment of whether said computer file contains malware; 

file access clearance request receiving logic operable to receive at said 
15 assessment computer said file access clearance request from a requesting computer; 

file access clearance response generating logic operable in dependence upon 
said data identifying said computer file to determine if said computer file has 
previously been assessed as not containing malware and to generate a file access 
clearance response; 

20 file access clearance response transniitting logic operable to transmit said file 

access clearance response to said requesting computer; 

file access clearance response receiving logic operable to receive at said 
requesting computer said file access clearance response from said assessment 
computer; and 

25 file access permitting logic operable if said file access clearance response 

indicates said computer file does not contain malware to permit said file access request 
by said requesting computer. 

18. A computer program product as claimed in claim 17, wherein said data 
30 identifying said computer file includes a checksum value calculated from said 
computer file. 
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19. A computer program product as claimed in claim 17, wherein said data 
identifying said computer file includes one or more of a filename of said computer file, 
data identifying said requesting computer and a storage location of said computer file. 

5 20. A computer program product as claimed in claim 1 7, wherein if said file access 
clearance response indicates a scan of said computer file is required by said assessment 
computer, then computer file transmitting logic is operable to transmit said computer 
file from said requesting computer to said assessment computer, receiving at said 
assessment computer said computer file from said requesting computer and performing 
10 a malware scan of said computer file. 

21. A computer program product as claimed in claim 1 7, wherein if said file access 
clearance response indicates access to said computer file is denied, then triggering a 
denied access response in said assessment computer. 

15 

22. A computer program product as claimed in claim 17, wherein if said file access 
clearance response indicates access to said computer file is denied, then triggering a 
denied access response in said requesting computer. 

20 23. A computer program product as claimed in claim 17, wherein said assessment 
computer stores a database of computer files previously assessed as to whether they 
contain malware. 

24. A computer program product as claimed in claim 23, wherein said database 
25 includes for each computer file fields specifying one or more of a filename of said 
computer file, data identifying said requesting computer and a storage location of said 
computer file, a checksum value calculated from said computer file, an access flag 
indicating whether access to said computer file is denied and a persistence flag 
indicating whether entries relating to said computer file should be purged from said 
30 database during purge operations. 
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25. A computer program product as claimed in claim 17, wherein said assessment 
computer is operable in at least a higher level security mode and a lower level security 
mode, said assessment computer serving to deny access to greater range of computer 
files when operating in said higher level security mode compared with said lower level 

5 security mode. 

26. A computer program product as claimed in claim 25, wherein said assessment 
computer is triggered to change from said lower level security mode to said higher 
level security mode by a lock down trigger message received at said assessment 

10 computer from a remote computer. 

28. A computer program product as claimed in claim 17, wherein a plurality of 
requesting computers share access to an assessment computer for determining whether 
file access requests by those requesting computers should be denied. 

15 

29. A method of detecting malware, said method comprising the steps of: 
detecting a file access request to a computer file by a requesting computer; 
generating a file access clearance request including data identifying said 

20 computer file; 

transmitting said file access clearance request from said requesting computer to 
an assessment computer responsible for assessment of whether said computer file 
contains malware; 

receiving at said requesting computer a file access clearance response from said 
25 assessment computer; and 

if said file access clearance response indicates said computer file does not 
contain malware, then permitting said file access request by said requesting computer. 

30. A method as claimed in claim 29, wherein said data identifying said computer 
30 file includes a checksum value calculated from said computer file. 
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31. A method as claimed in claim 29, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 
requesting computer and a storage location of said computer file. 

5 32. A method as claimed in claim 29, wherein if said file access clearance response 
indicates a scan of said computer file is required by said assessment computer, then 
transmitting said computer file from said requesting computer to said assessment 
computer. 

10 33. A method as claimed in claim 29, wherein if said file access clearance response 
indicates access to said computer file is denied, then triggering a denied access 
response in said requesting computer. 

34. A method as claimed in claim 29, wherein a plurality of requesting computers 
15 share access to an assessment computer for deterrmmng whether file access requests 

by those requesting computers should be denied. 

35. A method of detecting malware, said method comprising the steps of: 
receiving at an assessment computer a file access clearance request from a 

20 requesting computer, said file access clearance request including data identifying a 

computer file to be accessed by said requesting computer; 

in dependence upon said data identifying said computer file determining if said 

computer file has previously been assessed as not containing malware and generating a 

file access clearance response; and 
25 transmitting said file access clearance response to said requesting computer. 

36. A method as claimed in claim 35, wherein said data identifying said computer 
file includes a checksum value calculated from said computer file. 

30 37. A method as claimed in claim 35, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 
requesting computer and a storage location of said computer file. 
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38. A method as claimed in claim 35, wherein if said file access clearance response 
indicates a scan of said computer file is required by said assessment computer, then 
receiving at said assessment computer said computer file from said requesting 

5 computer and perforating a malware scan of said computer file. 

39. A method as claimed in claim 35, wherein if said file access clearance response 
indicates access to said computer file is denied, then triggering a denied access 
response in said assessment computer. 

10 

40. A method as claimed in claim 35, wherein said assessment computer stores a 
database of computer files previously assessed as to whether they contain malware. 

41. A method as claimed in claim 40, wherein said database includes for each 
15 computer file fields specifying one or more of a filename of said computer file, data 

identifying said requesting computer and a storage location of said computer file, a 
checksum value calculated from said computer file, an access flag indicating whether 
access to said computer file is denied and a persistence flag indicating whether entries 
relating to said computer file should be purged from said database during purge 
20 operations. 

42. A method as claimed in claim 35, wherein said assessment computer is 
operable in at least a higher level security mode and a lower level security mode, said 
assessment computer serving to deny access to greater range of computer files when 

25 operating in said higher level security mode compared with said lower level security 
mode. 

43. A method as claimed in claim 35, wherein said assessment computer is 
triggered to change from said lower level security mode to said higher level security 

30 mode by a lock down trigger message received at said assessment computer from a 
remote computer. 
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44. A method as claimed in claim 35, wherein a plurality of requesting computers 
share access to an assessment computer for detennining whether file access requests 
by those requesting computers should be denied. 

5 45. A method of detecting malware, said method comprising the steps of: 

detecting a file access request to a computer file by a requesting computer; 
generating a file access clearance request including data identifying said 
computer file; 

transmitting said file access clearance request from said requesting computer to 
10 an assessment computer responsible for assessment of whether said computer, file 
contains malware; 

receiving at said assessment computer said file access clearance request from a 
requesting computer; 

in dependence upon said data identifying said computer file determining if said 
1 5 computer file has previously been assessed as not containing malware and generating a 
file access clearance response; 

transmitting said file access clearance response to said requesting computer; 

receiving at said requesting computer said file access clearance response from 
said assessment computer; and 
20 if said file access clearance response indicates said computer file does not 

contain malware, then permitting said file access request by said requesting computer. 

46. A method as claimed in claim 45, wherein said data identifying said computer 
file includes a checksum value calculated from said computer file. 

25 

47. A method as claimed in claim 45, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 
requesting computer and a storage location of said computer file. 

30 48. A method as claimed in claim 45, wherein if said file access clearance response 
indicates a scan of said computer file is required by said assessment computer, then 
transmitting said computer file from said requesting computer to said assessment 
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computer, receiving at said assessment computer said computer file from said 
requesting computer and performing a malware scan of said computer file. 

49. A method as claimed in claim 45, wherein if said file access clearance response 
5 indicates access to said computer file is denied, then triggering a denied access 

response in said assessment computer. 

50. A method as claimed in claim 45, wherein if said file access clearance response 
indicates access to said computer file is denied, then triggering a denied access 

10 response in said requesting computer. 

51. A method as claimed in claim 45, wherein said assessment computer stores a 
database of computer files previously assessed as to whether they contain malware. 

15 52. A method as claimed in claim 51, wherein said database includes for each 
computer file fields specifying one or more of a filename of said computer file, data 
identifying said requesting computer and a storage location of said computer file, a 
checksum value calculated from said computer file, an access flag indicating whether 
access to said computer file is denied and a persistence flag indicating whether entries 

20 relating to said computer file should be purged from said database during purge 
operations. 

53. A method as claimed in claim 45, wherein said assessment computer is 
operable in at least a higher level security mode and a lower level security mode, said 

25 assessment computer serving to deny access to greater range of computer files when 
operating in said higher level security mode compared with said lower level security 
mode. 

54. A method as claimed in claim 53, wherein said assessment computer is 
30 triggered to change from said lower level security mode to said higher level security 

mode by a lock down trigger message received at said assessment computer from a 
remote computer. 
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55. A method as claimed in claim 45, wherein a plurality of requesting computers 
share access to an assessment computer for determining whether file access requests 
by those requesting computers should be denied. 

5 

56. Apparatus for detecting malware, said apparatus comprising: 

a detector operable to detect a file access request to a computer file by a 
requesting computer; 

a file access clearance request generator operable to generate a file access 
10 clearance request including data identifying said computer file; 

a file access clearance request transmitter operable to transmit said file access 
clearance request from said requesting computer to an assessment computer 
responsible for assessment of whether said computer file contains malware; 

a file access clearance response receiver operable to receive at said requesting 
15 computer a file access clearance response from said assessment computer; and 

a file access permission unit operable if said file access clearance response 
indicates said computer file does not contain malware, to permit said file access 
request by said requesting computer. 

20 57. Apparatus as claimed in claim 56, wherein said data identifying said computer 
file includes a checksum value calculated from said computer file. 

58. Apparatus as claimed in claim 56, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 

25 requesting computer and a storage location of said computer file. 

59. Apparatus as claimed in claim 56, wherein if said file access clearance 
response indicates a scan of said computer file is required by said assessment 
computer, then a computer file transmitter is operable to transmit said computer file 

30 from said requesting computer to said assessment computer. 
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60. Apparatus as claimed in claim 56, wherein if said file access clearance 
response indicates access to said computer file is denied, then triggering a denied 
access response in said requesting computer. 

5 61 . Apparatus as claimed in claim 56, wherein a plurality of requesting computers 
share access to an assessment computer for determining whether file access requests 
by those requesting computers should be denied. 

62. Apparatus for controlling a computer to detect malware, said apparatus 
10 comprising: 

a file access request receiver operable to receive at an assessment computer a 
file access clearance request from a requesting computer, said file access clearance 
request including data identifying a computer file to be accessed by said requesting 
computer; 

15 a file access clearance response generator operable in dependence upon said 

data identifying said computer file to determine if said computer file has previously 
been assessed as not containing malware and to generate a file access clearance 
response; and 

a file access clearance response transmitter operable to transmit said file access 
20 clearance response to said requesting computer. 

63. Apparatus as claimed in claim 62, wherein said data identifying said computer 
file includes a checksum value calculated from said computer file. 

25 64. Apparatus as claimed in claim 62, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 
requesting computer and a storage location of said computer file. 

65. Apparatus as claimed in claim 62, wherein if said file access clearance 
30 response indicates a scan of said computer file is required by said assessment 
computer, then a computer file receiver is operable to receive at said assessment 
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computer said computer file from said requesting computer and performing a malware 
scan of said computer file. 

66. Apparatus as claimed in claim 62, wherein if said file access clearance 
5 response indicates access to said computer file is denied, then triggering a denied 

access response in said assessment computer. 

67. Apparatus as claimed in claim 62, wherein said assessment computer stores a 
database of computer files previously assessed as to whether they contain malware. 

10 

68. Apparatus as claimed in claim 67, wherein said database includes for each 
computer file fields specifying one or more of a filename of said computer file, data 
identifying said requesting computer and a storage location of said computer file, a 
checksum value calculated from said computer file, an access flag indicating whether 

15 access to said computer file is denied and a persistence flag indicating whether entries 
relating to said computer file should be purged from said database during purge 
operations. 

69. Apparatus as claimed in claim 62, wherein said assessment computer is 
20 operable in at least a higher level security mode and a lower level security mode, said 

assessment computer serving to deny access to greater range of computer files when 
operating in said higher level security mode compared with said lower level security 
mode. 

25 70. Apparatus as claimed in claim 69, wherein said assessment computer is 
triggered to change from said lower level security mode to said higher level security 
mode by a lock down trigger message received at said assessment computer from a 
remote computer. 

30 71 . Apparatus as claimed in claim 62, wherein a plurality of requesting computers 
share access to an assessment computer for determining whether file access requests 
by those requesting computers should be denied. 
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72. Apparatus for controlling a computer to detect malware, said apparatus 
comprising: 

a file access request detector operable to detect a file access request to a 
5 computer file by a requesting computer; 

a file access clearance request generator operable to generate a file access 
clearance request including data identifying said computer file; 

a file access clearance request transmitter operable to transmit said file access 
clearance request from said requesting computer to an assessment computer 
10 responsible for assessment of whether said computer file contains malware; 

a file access clearance request receiver operable to receive at said assessment 
computer said file access clearance request from a requesting computer; 

a file access clearance response generator operable in dependence upon said 
data identifying said computer file to determine if said computer file has previously 
15 been assessed as not containing malware and to generate a file access clearance 
response; 

a file access clearance response transmitter operable to transmit said file access 
clearance response to said requesting computer; 

a file access clearance response receiver operable to receive at said requesting 
20 computer said file access clearance response from said assessment computer; and 

a file access permission unit operable if said file access clearance response 
indicates said computer file does not contain malware to permit said file access request 
by said requesting computer. 

25 73. Apparatus as claimed in claim 72, wherein said data identifying said computer 
file includes a checksum value calculated from said computer file. 



30 



74. Apparatus as claimed in claim 72, wherein said data identifying said computer 
file includes one or more of a filename of said computer file, data identifying said 
requesting computer and a storage location of said computer file. 
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75. Apparatus as claimed in claim 72, wherein if said file access clearance 
response indicates a scan of said computer file is required by said assessment 
computer, then a computer file transmitter is operable to transmit said computer file 
from said requesting computer to said assessment computer, receiving at said 

5 assessment computer said computer file from said requesting computer and performing 
a malware scan of said computer file. 

76. Apparatus as claimed in claim 72, wherein if said file access clearance 
response indicates access to said computer file is denied, then triggering a denied 

10 access response in said assessment computer. 

77. Apparatus as claimed in claim 72, wherein if said file access clearance 
response indicates access to said computer file is denied, then triggering a denied 
access response in said requesting computer. 

15 

78. Apparatus as claimed in claim 72, wherein said assessment computer stores a 
database of computer files previously assessed as to whether they contain malware. 

79. Apparatus as claimed in claim 78, wherein said database includes for each 
20 computer file fields specifying one or more of a filename of said computer file, data 

identifying said requesting computer and a storage location of said computer file, a 
checksum value calculated from said computer file, an access flag indicating whether 
access to said computer file is denied and a persistence flag indicating whether entries 
relating to said computer file should be purged from said database during purge 
25 operations. 

80. Apparatus as claimed in claim 72, wherein said assessment computer is 
operable in at least a higher level security mode and a lower level security mode, said 
assessment computer serving to deny access to greater range of computer files when 

30 operating in said higher level security mode compared with said lower level security 
mode. 
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81. Apparatus as claimed in claim 80, wherein said assessment computer is 
triggered to change from said lower level security mode to said higher level security 
mode by a lock down trigger message received at said assessment computer from a 
remote computer. 

82. Apparatus as claimed in claim 72, wherein a plurality of requesting computers 
share access to an assessment computer for determining whether file access requests 
by those requesting computers should be denied 



